RE: Security Questions

  • From: "MacGregor, Ian A." <ian@xxxxxxxxxxxxxxxxx>
  • To: <cemail_219@xxxxxxxxxxx>, <oracle-l@xxxxxxxxxxxxx>
  • Date: Tue, 24 Jan 2006 14:49:27 -0800

Before revoking those privileges, you should run code to check if the package
is called by anyone else:

Select distinct owner from dba_dependencies
Where referenced_name = 'DBMS_RANDOM';

Then grant the privileges directly to those "owners".  Any Oracle-created user
you are not using should be locked, its password changed, and expired.

Ian MacGregor
Stanford Linear Accelerator Center
ian@xxxxxxxxxxxxxxxxx
 

-----Original Message-----
From: oracle-l-bounce@xxxxxxxxxxxxx [mailto:oracle-l-bounce@xxxxxxxxxxxxx] On 
Behalf Of J. Dex
Sent: Tuesday, January 24, 2006 7:25 AM
To: oracle-l@xxxxxxxxxxxxx
Subject: Security Questions

For those of you who have had security audits, I am wondering about a couple 
of things.....

Does it matter if standard Oracle roles are NOT password protected?  Does it 
only need to be non-standard roles that are password protected?

PUBLIC typically has some execute privileges, dbms_random, etc.  Will it
adversely affect anything if those privileges are revoked?


--
//www.freelists.org/webpage/oracle-l
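
Added example, not part of the original thread or either poster's code: the check-then-grant-then-revoke sequence described in the reply, written out for DBMS_RANDOM. It assumes the package is owned by SYS, that the privilege in question is EXECUTE, and that the statements are run by a DBA on a test copy first.

```sql
-- Added example (not from the original thread).
-- Assumption: DBMS_RANDOM is owned by SYS and PUBLIC holds EXECUTE on it.

-- 1. Confirm what PUBLIC currently holds on the package.
SELECT grantee, owner, table_name, privilege
  FROM dba_tab_privs
 WHERE grantee    = 'PUBLIC'
   AND owner      = 'SYS'
   AND table_name = 'DBMS_RANDOM';

-- 2. List each dependent object, not only its owner, so the impact is visible.
--    referenced_owner = 'PUBLIC' catches references made through the public synonym.
SELECT owner, name, type
  FROM dba_dependencies
 WHERE referenced_owner IN ('SYS', 'PUBLIC')
   AND referenced_name  = 'DBMS_RANDOM'
   AND owner NOT IN ('SYS', 'PUBLIC')
 ORDER BY owner, name;

-- 3. Generate the direct grants for those owners; review the output before running it.
SELECT DISTINCT
       'GRANT EXECUTE ON SYS.DBMS_RANDOM TO "' || owner || '";' AS grant_stmt
  FROM dba_dependencies
 WHERE referenced_owner IN ('SYS', 'PUBLIC')
   AND referenced_name  = 'DBMS_RANDOM'
   AND owner NOT IN ('SYS', 'PUBLIC');

-- 4. Only after the grants from step 3 are in place:
REVOKE EXECUTE ON SYS.DBMS_RANDOM FROM PUBLIC;

-- 5. Anything the revoke invalidated shows up here; recompile and re-check.
SELECT owner, object_name, object_type
  FROM dba_objects
 WHERE status = 'INVALID'
 ORDER BY owner, object_name;
```

DBA_DEPENDENCIES records only static references from stored objects, so calls made through dynamic SQL or from client code will not appear in steps 2 and 3.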

